Apple issues out-of-band updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine. Three of these are zero-day flaws, while one is an expanded patch for a fourth vulnerability. Apple keeps details of security problems close to the vest, for our customers protection, saving the blood and guts until after it investigates and manages to pump out patches or new releases. Apple’s statement that processing maliciously crafted web content may lead to arbitrary code execution is alarming.
Source: https://threatpost.com/apple-zero days-active-attack/165842/